Dealing with Buffer Overflow Errors

Posted by Kevin on February 1, 2011 @ 9:11 AM in Security Help, System Tune-Up Help

Receiving a buffer overflow (also known as a buffer overrun) error may not seem that dangerous, but it’s a serious security risk. A direct result of bad programming, buffer overflow errors occur when too much data is stored in a space designed for less.

Think of it this way. If you pour a large jug of water into a small glass, the excess water will spill on the floor.

Something similar happens inside your computer’s memory. A program tries to store too much data in its allocated memory space. The excess data spills into neighboring memory space, corrupting the data reserved for other programs.

This usually causes a program or the whole operating system to crash or freeze. Or, it can allow malicious software to take over the computer.

As a solution to this security threat, a new technology known as DEP (Data Execution Prevention) was introduced in Windows. DEP shields your computer from buffer overflow attacks by performing additional checks on the affected memory.

There are two types of DEP: hardware and software. Software DEP has been integrated into Windows since Windows XP with Service Pack 2. Hardware DEP, however, requires a compatible processor and motherboard.

To determine how well your computer is protected by DEP, we’re going to put it to a test using the command prompt.

Note: This article is based on the Vista operating system (but works for Windows 7 as well). The following steps may be slightly different on Windows XP (DEP is only available if you have Service Pack 2). Also, note that you need an administrator account or administration rights to follow the steps below.

First, we’re going to test if hardware DEP is available and supported by your computer’s processor and motherboard.

To open the command prompt, go to the Start menu and type cmd in the search field. Then, right-click on the cmd icon and select Run as administrator.

With the command prompt open, type in the following command and press the Enter key:

wmic OS Get DataExecutionPrevention_Available

If the command prompt returns the message True, hardware DEP is available on your computer. If it returns the message False, you can still use software DEP to protect your computer.

Second, we need to see if hardware DEP is enabled in Windows.

Back in the command prompt, type in the following command and press the Enter key:

wmic OS Get DataExecutionPrevention_Drivers

Just as in the first test, if the command prompt returns the message True, hardware DEP is enabled in Windows. If it returns the message False, follow the steps below on how to enable it in Windows.

Once we’ve established that hardware DEP is available and enabled, we have to test if software DEP is enabled.

With the command prompt still open, type in the following command and press the Enter key:

wmic OS Get DataExecutionPrevention_SupportPolicy

The command will return a number from 0 to 3. If you get a 1 or a 3, DEP is enabled for Windows and all the programs on your computer. If, however, you get a 2, DEP is enabled only for Windows components. On the other hand, if you get a 0, DEP is completely disabled on your computer.

Since the test is over, you can now close the command prompt.
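
The three checks above can also be run in one pass from PowerShell. The script below is an added example, not part of the original article; it reads the same three Win32_OperatingSystem properties that the wmic commands query, and the function name Get-DepStatus and the output field names are made up for illustration.

```powershell
# Added example: runs the article's three DEP checks in one pass.
# Get-DepStatus and the output field names are illustrative, not from the article.

function Get-DepStatus {
    # Get-CimInstance needs PowerShell 3.0 or later; fall back to
    # Get-WmiObject on older installs such as stock Vista or Windows 7.
    if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) {
        $os = Get-CimInstance -ClassName Win32_OperatingSystem
    } else {
        $os = Get-WmiObject -Class Win32_OperatingSystem
    }

    # Meaning of each SupportPolicy value, as given in the article.
    $policyText = @{
        0 = 'DEP is completely disabled'
        1 = 'DEP is enabled for Windows and all programs'
        2 = 'DEP is enabled only for Windows components'
        3 = 'DEP is enabled for Windows and all programs'
    }
    $policy = [int]$os.DataExecutionPrevention_SupportPolicy

    # The article's rule: reconfigure DEP if the policy is 0 or 2,
    # or if the second test (DataExecutionPrevention_Drivers) is False.
    $needsChange = ($policy -eq 0) -or ($policy -eq 2) -or
                   (-not $os.DataExecutionPrevention_Drivers)

    # New-Object PSObject works on PowerShell 2.0 as well.
    New-Object PSObject -Property @{
        HardwareDepAvailable = [bool]$os.DataExecutionPrevention_Available
        HardwareDepEnabled   = [bool]$os.DataExecutionPrevention_Drivers
        SupportPolicy        = $policy
        Meaning              = $policyText[$policy]
        NeedsReconfiguration = $needsChange
    }
}

# Name the fields explicitly so they print in a fixed order.
Get-DepStatus | Format-List HardwareDepAvailable, HardwareDepEnabled,
    SupportPolicy, Meaning, NeedsReconfiguration
```

If NeedsReconfiguration is True, continue with the manual configuration steps that follow.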

If you received a 0 or a 2 on the last test or got a False on the second test, we need to configure DEP manually from within Windows.

Go to the Start Menu, right-click the Computer option and select Properties.

Next, click on Advanced system settings, located on the left side of the window.

This will bring up the System Properties window. Click on the Advanced tab and under Performance, click the Settings… button.

Here, check the box next to the “Turn on DEP for all programs and services except those I select” option and click OK.

Now, just restart your computer and the changes will take effect.

That’s it. Your computer should now be protected from buffer overflow attacks. If you really want to be safe, you can install a free security suite like Comodo Internet Security[1] which has its own buffer overflow protection. Also, be sure to stay up to date with Windows updates, as sometimes a buffer overflow error can just be a false warning from a misbehaving Windows component.